Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross site scripting vulnerability for private chat in bigbluebutton
Vulnerability Description
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
BigBlueButton 跨站脚本漏洞
Vulnerability Description
BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.4.8 之前版本和 2.5.0 之前版本存在跨站脚本漏洞,该漏洞源于启用私人聊天的会议中的用户容易受到恶意 JavaScript 攻击。
CVSS Information
N/A
Vulnerability Type
N/A